author | Pali Rohár <pali@kernel.org> | 2024-10-14 14:56:26 +0300 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2025-04-01 09:54:17 +0300 |
commit | b1a37df6ba2f13be341130b9fe10649ef6a42e9a (patch) | |
tree | 706577be2b9b5d11c7316d8f38f38be51013a17f /tools/perf/scripts/python/check-perf-trace.py | |
parent | bf782ada459efde8fe9a488cf30a40d32caf787f (diff) | |
download | linux-b1a37df6ba2f13be341130b9fe10649ef6a42e9a.tar.xz |
cifs: Add a new xattr system.smb3_ntsd_owner for getting or setting owner

Changing owner is controlled by DACL permission WRITE_OWNER. Changing DACL
itself is controlled by DACL permission WRITE_DAC. Owner of the file has
implicit WRITE_DAC permission even when it is not explicitly granted for
owner by DACL.

Reading DACL or owner is controlled only by one permission READ_CONTROL.
WRITE_OWNER permission can be bypassed by the SeTakeOwnershipPrivilege,
which is by default available for local administrators.

So if the local administrator wants to access some file to which does not
have access, it is required to first change owner to ourself and then
change DACL permissions.

Currently Linux SMB client does not support this because client does not
provide a way to change owner without touching DACL permissions.

Fix this problem by introducing a new xattr "system.smb3_ntsd_owner" for
setting/changing only owner part of the security descriptor.

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'tools/perf/scripts/python/check-perf-trace.py')
0 files changed, 0 insertions, 0 deletions
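
For auditing file ownership through the xattr named in the commit message, the following is an added example, not code from this commit or from the kernel tree. It assumes the xattr value is a raw self-relative security descriptor in the MS-DTYP layout, which this page does not state; all helper names are hypothetical and the sample descriptor is constructed.

```python
import os
import struct

XATTR_OWNER = "system.smb3_ntsd_owner"   # xattr name introduced by this commit
SE_SELF_RELATIVE = 0x8000                # MS-DTYP control flag
SD_HEADER = struct.Struct("<BBHIIII")    # revision, sbz1, control, owner/group/sacl/dacl offsets

def sid_to_bytes(sid):
    """Encode 'S-1-<authority>-<sub>...' into the binary SID layout."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[:2] != ["S", "1"]:
        raise ValueError("unsupported SID string: %r" % sid)
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("too many sub-authorities")
    return (bytes([1, len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def sid_from_bytes(buf, off):
    """Decode the binary SID at buf[off:], with bounds checks."""
    if off + 8 > len(buf):
        raise ValueError("SID header out of bounds")
    revision, count = buf[off], buf[off + 1]
    if revision != 1 or count > 15 or off + 8 + 4 * count > len(buf):
        raise ValueError("malformed SID")
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S-1", str(authority)] + [str(s) for s in subs])

def build_owner_only_sd(owner_sid):
    """Security descriptor with an owner SID and no group, SACL or DACL."""
    header = SD_HEADER.pack(1, 0, SE_SELF_RELATIVE, SD_HEADER.size, 0, 0, 0)
    return header + sid_to_bytes(owner_sid)

def parse_owner(sd):
    """Return the owner SID string, or None when the descriptor has no owner."""
    if len(sd) < SD_HEADER.size:
        raise ValueError("descriptor shorter than its header")
    revision, _, control, owner_off, _, _, _ = SD_HEADER.unpack_from(sd)
    if revision != 1 or not control & SE_SELF_RELATIVE:
        raise ValueError("not a self-relative revision-1 descriptor")
    if owner_off == 0:
        return None
    if owner_off < SD_HEADER.size:
        raise ValueError("owner offset points into the header")
    return sid_from_bytes(sd, owner_off)

def read_owner(path):
    """Read the owner of a file on a cifs mount (value format is an assumption)."""
    return parse_owner(os.getxattr(path, XATTR_OWNER))

if __name__ == "__main__":
    sample = build_owner_only_sd("S-1-5-32-544")  # constructed: BUILTIN\Administrators
    print(parse_owner(sample))
```

`read_owner` needs a file on a cifs mount with a kernel that carries this commit; the other functions run offline on the constructed descriptor.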